Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

To: Micah Anderson <micah@riseup.net>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
From: "s. keeling" <keeling@nucleus.com>
Date: Wed, 9 Jul 2008 19:37:30 -0600
Message-id: <20080710013730.GB19133@phreaque.nucleus.com>
In-reply-to: <20080710011802.GB20040@pond.riseup.net>
References: <87myks4886.fsf@mid.deneb.enyo.de> <200807091810.51330.7o2lccqg@acme.softbase.org> <20080709185123.GI14438@morgul.net> <200807092230.52793.7o2lccqg@acme.softbase.org> <20080709210034.GA20040@pond.riseup.net> <slrng7alrh.5r7.keeling@phreaque.nucleus.com> <20080710011802.GB20040@pond.riseup.net>

Incoming from Micah Anderson:
> * s. keeling <keeling@nucleus.com> [2008-07-09 17:31-0400]:
> > Micah Anderson <micah@riseup.net>:
> > >  * Wolfgang Jeltsch <7o2lccqg@acme.softbase.org> [2008-07-09 13:31-0400]:
> > > > > > configure it to only listen on 127.0.0.1,
> > > > 
> > > > How do I do this? dpkg-reconfigure doesn?t help.
> > > 
> > >  I think the bind9 package comes configured this way by default in
> > >  Debian (a caching-only local nameserver).
> > 
> > If that's what the OP requires, maradns provides that, and a lot
> > simpler. 
> 
> What could be more simpler than apt-get install bind9?

... followed by configuring it for (assumed, worst case) his
particular Franken-network situation.  I've fought with bind numerous
times before, and didn't enjoy it.

If all he needs is caching-only local, that's what maradns is for.
I'm not dissing bind*.  I'm just suggesting maradns's simpler, and
possibly apropos in OP's situation.

I could be wrong though; the start of this thread recedes into the
depths of time ... and I may have missed important details.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)                                         Please don't Cc: me.
- -

Reply to:

References:
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Wolfgang Jeltsch <7o2lccqg@acme.softbase.org>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Noah Meyerhans <noahm@debian.org>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Wolfgang Jeltsch <7o2lccqg@acme.softbase.org>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Micah Anderson <micah@riseup.net>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: "s. keeling" <keeling@nucleus.com>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Micah Anderson <micah@riseup.net>

Prev by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Previous by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Index(es):
- Date
- Thread